Is your GDPR policy in ‘cheque’?
Any company dealing with data has found it challenging since the looming 25th May deadline came and went, and there is no doubt that the banking and financial industry are sure to have found this change the hardest.
Banks have admitted they are struggling to find the right people to fill the newly required role of data protection officer. With the large amount of sensitive data passing through their systems, complying with the GDPR and avoiding the hefty fines, is more important now than ever. With some favouring IT expertise over a risk-based background and many using current banking and financial employees to take on the management of this role, ensuring total compliance across the board and protecting the potential value of this data, is becoming more prevalent in this industry.
The Payment Services Directive (PSD2), also known as the “Open Banking” regulation, requires banks to allow other organisations to access customers’ data through a set of APIs. This is pushing banks and financial companies to create secure, encrypted APIs in order to decrease the chance of these portals becoming accessible to those who would want the data for their own ill-gotten gains.
With banking providing many services which were unheard of a few years ago, such as mobile and online banking, SMS updates and even the ability to pay with the simple touch of a card, the data which could be available is now easier to obtain and therefore harder to protect. As long as data exists within an organisation, it is vulnerable to attack and subject to many regulatory processes.
• Client Consent
• Right to data erasure and right to be forgotten
• Consequences of a breach
• Vendor management
Companies in this area should not be concerned, as they, more than most industries are already in a better position to stay in line with the GDPR. Privacy policies have been embedded in the bank’s systems for many years, and by making some small adjustments, should not find it problematic to stay within the GDPR guidelines. If you need help improving your consent management processes and GDPR policy; do not hesitate to get in contact with us today.